| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
| |
15.11.2012, 00:45
| #1 |
 |  Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? Hallo! Da meine Mutter einen Brief von der Telekom bekommen hat, dass ihr PC vom Zeus Online-Banking Trojaner befallen ist, hatte ich Angst, dass der evtl. bei mir auch über 'nen USB-Stick draufgekommen sein könnte und hab ein paar scans gemacht. Den hab ich dann (glaube ich) nicht gefunden, aber ein paar andere infizierte Dateien. Ich benutze Avast als Virusprogramm und mache scans mit Malwarebyte's Antimalware und SuperantiSpyware (hab leider keine alten scans). Die infizierten Dateien habe ich von Malwarebyte's Antimalware und SUPERAntiSpyware löschen lassen (siehe Logs), aber ich habe Angst, dass noch was im PC versteckt ist, und deshalb wäre es sehr schön, wenn sich mal ein Profi die logs angucken könnte (evtl. wurde der Zeus-Trojaner auch von den Programmen übersehen und schlummert noch auf meinem PC?). Wie in der Forenanleitung beschrieben hab ich alle nötigen logfiles erstellt. Malwarebyte's: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.14.06 Windows XP Service Pack 3 x86 FAT32 Internet Explorer 8.0.6001.18702 jens :: DACHS [Administrator] 14.11.2012 20:54:55 mbam-log-2012-11-14 (22-01-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 343786 Laufzeit: 40 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs (PUP.LoadTubes) -> Keine Aktion durchgeführt. Infizierte Dateien: 9 C:\Programme\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{5706DE39-B830-473B-88EE-8395CF4BDCC1}\RP1057\A0197382.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{5706DE39-B830-473B-88EE-8395CF4BDCC1}\RP1065\A0199035.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\keyHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\uninstall.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\config.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\updateHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\domHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\jens\Anwendungsdaten\loadtbs\evHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 11/14/2012 at 11:30 PM
Application Version : 5.6.1014
Core Rules Database Version : 9584
Trace Rules Database Version: 7396
Scan type : Complete Scan
Total Scan Time : 01:00:09
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 639
Memory threats detected : 0
Registry items scanned : 38303
Registry threats detected : 1
File items scanned : 41023
File threats detected : 1
Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY
Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5706DE39-B830-473B-88EE-8395CF4BDCC1}\RP1078\A0201635.EXE
Code:
ATTFilter OTL logfile created on: 15.11.2012 00:03:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\jens\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 66,09% Memory free 3,72 Gb Paging File | 3,24 Gb Available in Paging File | 86,97% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 67,05 Gb Total Space | 27,02 Gb Free Space | 40,29% Space Free | Partition Type: FAT32 Drive D: | 42,84 Gb Total Space | 7,65 Gb Free Space | 17,85% Space Free | Partition Type: FAT32 Computer Name: DACHS | User Name: jens | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.14 23:53:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jens\Desktop\OTL.exe PRC - [2012.11.14 22:24:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2012.08.21 11:12:26 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2012.08.11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.06.07 17:34:34 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2008.04.14 04:23:06 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.10.14 11:43:32 | 000,069,632 | ---- | M] (ASUS) -- C:\WINDOWS\system32\ASUSTPE.exe PRC - [2006.10.14 05:37:40 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe PRC - [2006.08.10 10:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe PRC - [2006.06.08 20:33:02 | 000,053,248 | ---- | M] (ASUSTeK Computer INC.) -- C:\Programme\ASUS\ATK Media\DMedia.exe PRC - [2006.04.24 14:25:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2005.10.17 17:09:34 | 000,987,136 | ---- | M] () -- C:\Programme\Wireless Console 2\wcourier.exe PRC - [2004.03.13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2012.11.14 23:58:02 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll MOD - [2012.11.14 23:57:46 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll MOD - [2012.11.14 23:56:52 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll MOD - [2012.11.14 23:56:50 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012.11.14 23:56:46 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2012.11.14 23:56:40 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2012.11.14 23:56:28 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll MOD - [2012.11.14 20:22:46 | 001,832,960 | ---- | M] () -- C:\Programme\Alwil Software\Avast5\defs\12111401\algo.dll MOD - [2012.07.04 22:44:54 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\df9b91c72d00cad13abd00fe7f8d12cb\System.Windows.Forms.ni.dll MOD - [2012.07.04 22:25:50 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2012.05.09 20:33:18 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll MOD - [2012.05.09 20:24:18 | 000,532,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll MOD - [2012.05.09 20:24:18 | 000,368,640 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll MOD - [2012.05.09 20:19:46 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll MOD - [2012.05.09 20:19:24 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.09 20:18:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.09 20:18:32 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.09 20:18:08 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012.05.09 20:13:58 | 001,249,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll MOD - [2012.05.09 20:13:56 | 005,283,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll MOD - [2012.05.09 20:13:54 | 004,214,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2009.02.02 14:21:06 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.02 14:21:04 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.02.02 14:17:08 | 000,864,256 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll MOD - [2009.02.02 14:17:04 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll MOD - [2009.02.02 14:17:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll MOD - [2008.06.04 08:53:14 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\spd__l.dll MOD - [2008.04.14 04:23:06 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE MOD - [2008.04.14 04:22:32 | 000,214,528 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\wbemcomn.dll MOD - [2007.08.21 19:48:02 | 001,671,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34579__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2007.08.21 19:48:02 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34534__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2007.08.21 19:48:02 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34592__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2007.08.21 19:48:02 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.34808__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2007.08.21 19:48:02 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.34761__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2007.08.21 19:48:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34570__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2007.08.21 19:48:02 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34591__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll MOD - [2007.08.21 19:48:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2007.08.21 19:48:02 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.34693__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2007.08.21 19:48:00 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.34851__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2007.08.21 19:47:10 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2589.34857__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:10 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2589.34584__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:10 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2589.34549__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:10 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2589.34584__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll MOD - [2007.08.21 19:47:08 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2589.34707__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:08 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2589.34795__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2007.08.21 19:47:08 | 000,344,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2589.34776__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:08 | 000,262,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Dashboard\2.0.2589.34628__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:08 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2589.34781__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2007.08.21 19:47:08 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2589.34773__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2007.08.21 19:47:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2589.34703__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2007.08.21 19:47:06 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2589.34606__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:06 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2589.34698__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:06 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2589.34557__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:06 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2589.34748__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:06 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2589.34613__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2007.08.21 19:47:06 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2589.34599__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:06 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2589.34728__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2007.08.21 19:47:06 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2589.34694__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2007.08.21 19:47:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2589.34702__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2007.08.21 19:47:06 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2589.34727__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2007.08.21 19:47:06 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2589.34612__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2007.08.21 19:47:06 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2589.34747__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2007.08.21 19:47:06 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime\2.0.2589.34633__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime.dll MOD - [2007.08.21 19:47:06 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2007.08.21 19:47:06 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2007.08.21 19:47:04 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll MOD - [2007.08.21 19:47:04 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2007.08.21 19:47:04 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2007.08.21 19:47:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2007.08.21 19:47:04 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll MOD - [2007.08.21 19:47:04 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2007.08.21 19:47:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2007.08.21 19:47:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2007.08.21 19:47:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2007.08.21 19:47:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2007.08.21 19:47:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2007.08.21 19:47:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2007.08.21 19:47:02 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll MOD - [2007.08.21 19:47:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2007.08.21 19:47:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared\2.0.2560.25989__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2007.08.21 19:47:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2007.08.21 19:46:48 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.34878__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2007.08.21 19:46:46 | 001,404,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2589.34543__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2007.08.21 19:46:46 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34565__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2007.08.21 19:46:46 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.34834__90ba9c70f846762e\MOM.Implementation.dll MOD - [2007.08.21 19:46:46 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34533__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2007.08.21 19:46:46 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.34833__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2007.08.21 19:46:46 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2007.08.21 19:46:46 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2007.08.21 19:46:46 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2007.08.21 19:46:46 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2007.08.21 19:46:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2007.08.21 19:46:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2007.08.21 19:46:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2007.08.21 19:46:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34533__90ba9c70f846762e\ATIDEMOS.dll MOD - [2007.08.21 19:46:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2589.34532__90ba9c70f846762e\AEM.Server.dll MOD - [2007.08.21 19:46:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2007.08.21 19:46:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2007.08.21 19:46:44 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.34834__90ba9c70f846762e\CCC.Implementation.dll MOD - [2006.12.19 19:16:04 | 000,073,728 | ---- | M] () -- c:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll MOD - [2006.10.14 05:37:40 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe MOD - [2006.08.24 03:32:26 | 000,163,840 | ---- | M] () -- C:\WINDOWS\ATK0100\ASUSNet.dll MOD - [2006.08.10 10:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe MOD - [2005.10.17 17:09:34 | 000,987,136 | ---- | M] () -- C:\Programme\Wireless Console 2\wcourier.exe MOD - [2004.05.27 22:13:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\ATK0100\CMSSC.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Unknown] -- -- (Avgatuvtv) SRV - [2012.11.14 22:24:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2012.10.30 17:10:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.21 11:12:26 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.08.11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.07 17:34:34 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2010.08.09 04:04:04 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\WINDOWS\system32\SUPDSvc.exe -- (Samsung UPD Service) SRV - [2007.08.31 12:28:30 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2006.04.24 14:25:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- c:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004.03.13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\MpEngineStore\MpKsl9753d9dd.sys -- (MpKsl9753d9dd) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.08.21 11:13:16 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.08.21 11:13:16 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.08.21 11:13:16 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012.08.21 11:13:14 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.08.21 11:13:14 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.06.07 17:25:22 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva) DRV - [2012.06.07 17:24:24 | 000,057,256 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux) DRV - [2012.06.07 17:24:24 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint) DRV - [2011.07.22 18:27:04 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:24 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2010.05.01 12:19:20 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2010.05.01 12:19:20 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.06.09 22:32:16 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.10.12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.10.12 01:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) DRV - [2007.09.20 20:54:12 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2007.02.02 02:03:24 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.11.02 20:32:30 | 004,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2006.10.12 16:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2006.08.29 19:10:34 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent) DRV - [2006.08.13 23:40:24 | 000,027,776 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atl02_xp.sys -- (AtcL002) DRV - [2006.04.28 17:24:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) DRV - [2006.03.21 10:04:24 | 000,889,472 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial) DRV - [2006.01.24 10:45:56 | 000,034,944 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipswuio.sys -- (ipswuio) DRV - [2005.02.17 10:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2004.05.27 22:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\ATK0100\ASNDIS5.sys -- (ASNDIS5) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {A107B17A-F519-479A-BD44-DFF58D6ADEA1} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field IE - HKCU\..\SearchScopes\{A107B17A-F519-479A-BD44-DFF58D6ADEA1}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll File not found FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Programme\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\Alwil Software\Avast5\WebRep\FF [2011.06.01 14:24:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.27 19:05:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.27 19:05:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.30 17:10:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.10.30 17:10:18 | 000,000,000 | ---D | M] [2010.05.07 17:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Extensions [2010.05.11 15:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.05.07 17:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Firefox\Profiles\fort0edl.default\extensions [2010.05.12 16:05:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Firefox\Profiles\fort0edl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.15 22:23:24 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Firefox\Profiles\fort0edl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.25 20:04:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Mozilla\Firefox\Profiles\fort0edl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.27 19:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.27 19:05:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.27 19:06:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010.04.21 12:16:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.10.14 20:24:04 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml [2011.10.14 20:24:04 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.14 20:24:04 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.14 20:24:04 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.10.14 20:24:04 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 11:48:28 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml O1 HOSTS File: ([2010.07.06 22:38:10 | 000,408,513 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14125 more lines... O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.) O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe () O4 - HKCU..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe (ASUS) O4 - HKCU..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\RunServices: [ComponentPrivate] c:\programme\ati technologies\ati.ace\core-implementation\pt-br\erecordhotkeymanager.exe File not found O4 - HKLM..\RunServices: [resourcesDataSetExtensions] c:\programme\reference assemblies\microsoft\framework\v3.5\de\resourcessystem.exe File not found O4 - HKLM..\RunServices: [SAUpdateSUPERAntiSpyware] c:\dokume~1\jens\lokale~1\temp\bdbd.exe File not found O4 - HKLM..\RunServices: [WizardAdobe] c:\programme\adobe\acrobat 7.0\reader\plug_ins\picturetasks\ols\acrobatadobe.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341433066625 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341433002265 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C6597E0-51FE-4062-8C69-0C07D8985091}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\jens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\jens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.08.21 19:11:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{05abfdca-f08d-11de-a91e-001d6041a400}\Shell\AutoRun\command - "" = H:\Menu.exe O33 - MountPoints2\{1a600d2e-c6ef-11dd-a6b6-001bfc94372b}\Shell - "" = AutoRun O33 - MountPoints2\{1a600d2e-c6ef-11dd-a6b6-001bfc94372b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1a600d2e-c6ef-11dd-a6b6-001bfc94372b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe PSYCHOLOGIE_1.vbs O33 - MountPoints2\{f0b08b74-e7f7-11dc-a519-001bfc94372b}\Shell\AutoRun\command - "" = H:\wdsync.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.14 23:53:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jens\Desktop\OTL.exe [2012.11.14 23:52:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012.11.14 20:50:47 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\jens\Recent [2012.10.30 17:10:15 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [2012.10.27 19:05:47 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2008.11.22 15:11:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\pcouffin.sys [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.14 23:57:04 | 000,467,830 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.14 23:57:04 | 000,448,586 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.14 23:57:04 | 000,088,846 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.14 23:57:04 | 000,074,568 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.14 23:56:36 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Desktop\jx0d6i8l.exe [2012.11.14 23:54:40 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.14 23:53:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jens\Desktop\OTL.exe [2012.11.14 23:52:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.14 23:50:50 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.11.14 23:48:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2012.11.14 23:48:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.14 23:48:30 | 2012,467,200 | -HS- | M] () -- C:\hiberfil.sys [2012.11.14 23:46:28 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\defogger_reenable [2012.11.14 23:46:00 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Desktop\Defogger.exe [2012.11.14 22:06:50 | 000,541,569 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Desktop\adwcleaner.exe [2012.11.14 19:45:54 | 000,050,774 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Desktop\00_Syllabus_2012_11_14.pdf [2012.11.12 16:54:06 | 000,049,664 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.07 22:14:44 | 000,059,359 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Eigene Dateien\eichel.pdf [2012.11.05 10:27:38 | 000,000,043 | ---- | M] () -- C:\WINDOWS\gswin32.ini [2012.11.01 18:46:54 | 000,000,515 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Desktop\Planung.lnk [2012.10.28 09:57:28 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.10.26 18:15:12 | 000,058,775 | ---- | M] () -- C:\Dokumente und Einstellungen\jens\Eigene Dateien\AngemeldeteInabschluss272a982c-a3aa-4cd8-8156-cd3c3458e771.pdf [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.14 23:56:38 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Desktop\jx0d6i8l.exe [2012.11.14 23:54:36 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012.11.14 23:46:16 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\defogger_reenable [2012.11.14 23:45:55 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Desktop\Defogger.exe [2012.11.14 22:06:48 | 000,541,569 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Desktop\adwcleaner.exe [2012.11.14 19:45:55 | 000,050,774 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Desktop\00_Syllabus_2012_11_14.pdf [2012.11.07 22:16:27 | 000,059,359 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Eigene Dateien\eichel.pdf [2012.11.01 18:46:53 | 000,000,515 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Desktop\Planung.lnk [2012.10.26 18:15:12 | 000,058,775 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Eigene Dateien\AngemeldeteInabschluss272a982c-a3aa-4cd8-8156-cd3c3458e771.pdf [2012.03.06 22:10:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.11.19 12:50:21 | 000,039,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.10.06 11:43:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\spd__l.dll [2011.10.06 11:43:11 | 000,283,136 | ---- | C] () -- C:\WINDOWS\System32\DscPnt.dll [2011.10.06 11:43:11 | 000,259,888 | ---- | C] () -- C:\WINDOWS\SUPDRun.exe [2011.10.06 11:43:09 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\spd__ci.exe [2011.03.12 15:54:59 | 000,001,048 | ---- | C] () -- C:\WINDOWS\Aeditor.INI [2011.03.12 15:36:31 | 000,000,681 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI [2011.03.07 18:37:05 | 000,000,130 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\webct_upload_applet.properties [2009.12.27 17:06:11 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\PnkBstrK.sys [2008.12.19 01:30:46 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\JavaMediaPlayer_audiolevel.cfg [2008.11.22 15:11:53 | 000,000,671 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\vso_ts_preview.xml [2008.11.22 15:11:26 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\inst.exe [2008.11.22 15:11:26 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\pcouffin.cat [2008.11.22 15:11:26 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\pcouffin.inf [2008.10.07 22:03:47 | 000,014,852 | ---- | C] () -- C:\Programme\settings.dat [2008.03.05 19:14:33 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2007.09.01 16:32:29 | 000,049,664 | ---- | C] () -- C:\Dokumente und Einstellungen\jens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.08.31 11:25:34 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html ========== ZeroAccess Check ========== [2007.08.21 19:43:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2008.05.11 21:43:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2008.05.11 21:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2009.11.20 16:07:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2010.05.05 21:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.05.05 23:22:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2010.07.06 22:56:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2011.01.01 18:48:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.04.06 14:15:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco [2012.06.02 11:38:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERSetup [2012.09.16 18:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2007.09.14 22:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Azureus [2007.09.17 19:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Teleca [2008.05.11 21:52:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Ulead Systems [2008.10.07 22:05:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Thunderbird [2008.11.22 15:11:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Vso [2010.10.15 22:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.10.24 15:11:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\OpenOffice.org [2012.10.14 13:55:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jens\Anwendungsdaten\Foxit Software ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.11.2012 00:03:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\jens\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 66,09% Memory free
3,72 Gb Paging File | 3,24 Gb Available in Paging File | 86,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 67,05 Gb Total Space | 27,02 Gb Free Space | 40,29% Space Free | Partition Type: FAT32
Drive D: | 42,84 Gb Total Space | 7,65 Gb Free Space | 17,85% Space Free | Partition Type: FAT32
Computer Name: DACHS | User Name: jens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UPDATESDISABLENOTIFY" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\mIRC\mirc.exe" = C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam Client -- (Valve Corporation)
"C:\Programme\Azureus\Azureus.exe" = C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Programme\BlobbyVolley\volley.exe" = C:\Programme\BlobbyVolley\volley.exe:*:Enabled:volley -- ()
"C:\Programme\Java\jre1.6.0_02\BIN\javaw.exe" = C:\Programme\Java\jre1.6.0_02\BIN\javaw.exe:*:Enabled:Java(TM) Platform SE binary
"C:\Programme\Counter-Strike\cstrike.exe" = C:\Programme\Counter-Strike\cstrike.exe:*:Enabled:CounterStrike Launcher -- (Valve, L.L.C.)
"C:\Programme\TF2\hl2.exe" = C:\Programme\TF2\hl2.exe:*:Enabled:hl2
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
"C:\Programme\Starcraft\StarCraft.exe" = C:\Programme\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Programme\Mozilla Firefox\FIREFOX.EXE" = C:\Programme\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\System32\SUPDSvc.exe" = C:\WINDOWS\System32\SUPDSvc.exe:*:Enabled:Samsung UPD Service -- (Samsung Electronics CO., LTD.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Steam\steamapps\jenseman@giga4u.de\counter-strike\hl.exe" = C:\Programme\Steam\steamapps\jenseman@giga4u.de\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FF2C26-DBCE-DADA-BEE5-0928E0F8F623}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05F4ABAC-8697-2291-16D8-4BFD7DD78B59}" = CCC Help Japanese
"{07C85A90-668F-A807-5C67-975E0777A9E8}" = Catalyst Control Center Localization Russian
"{0EA06F05-4320-E4DC-4374-E6C0986C964D}" = Catalyst Control Center Localization Finnish
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{137C5C08-8B6F-497A-1529-502359B3BA88}" = Catalyst Control Center Localization Polish
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{17EE76BB-5264-8946-DA8F-D564ED25EDDD}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27599825-6BD9-1081-D1CC-0BFC01157204}" = CCC Help Hungarian
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{2E13776F-DEAF-7C83-C2A9-3BF073D51BFD}" = Catalyst Control Center Localization Swedish
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{3482A5D0-F16D-A6C9-397F-8D85EA61BF93}" = Catalyst Control Center Localization Norwegian
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3CA756-9FB1-60D9-4435-6D9FEB42C637}" = Catalyst Control Center Localization Dutch
"{3E4039F8-5DA8-0414-B7E1-8DA8C8FC1565}" = Catalyst Control Center Localization Thai
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{48D4215F-414F-1554-8534-E3D8156C0666}" = Skins
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A0FAC3C-852D-C0A3-1715-6F844C184CF0}" = CCC Help Portuguese
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B29B49E-F274-58CE-25D2-791570F1619A}" = CCC Help French
"{4B546AE5-DF17-6D39-A846-A9ECD0153C9A}" = Catalyst Control Center Localization Greek
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{57EF4BC7-0C52-1872-C0CE-AEAB996E5626}" = Catalyst Control Center Localization Korean
"{5B701396-48C3-A3FA-43DB-FF975446759C}" = Catalyst Control Center Localization French
"{5ECA8F33-8F8E-1042-2082-5F02E64D6140}" = CCC Help Polish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{68B84920-CD46-8C5B-DABE-EC0FF6F0C703}" = Catalyst Control Center Localization German
"{6AF75C96-2093-51F4-0412-501CB317A7F9}" = CCC Help Thai
"{6D219284-A368-A0A5-AA55-8BAAE9EA60CC}" = Catalyst Control Center Localization Japanese
"{732442CA-AFFC-E75D-C586-2A3C71D8CFFE}" = CCC Help Finnish
"{767EE8DA-A2AA-00A9-1A21-9584E00867B8}" = Catalyst Control Center Core Implementation
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{815B5312-F7B5-EDD5-A899-B0228C3C7F3A}" = CCC Help Turkish
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{857D4360-762B-978B-76AD-491AA719E47A}" = ccc-core-static
"{86552A3A-0437-319B-46C5-569FC9F7ACA9}" = ccc-utility
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89DDBCD4-B326-4545-9A05-26C7B16C1DEB}" = PowerForPhone
"{89EAD7B4-1CAC-CC9E-F040-FE041A2EA77C}" = Catalyst Control Center Localization Spanish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE3174F-3BFE-8822-4493-A0519D1E4E94}" = Catalyst Control Center Localization Portuguese
"{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{9D7802F0-3C39-ED52-10D9-AE8A7FB5A94C}" = Catalyst Control Center Localization Hungarian
"{9F303CF8-2998-4541-C9F7-C3AAEC2B88B0}" = Catalyst Control Center Graphics Full Existing
"{A042FD6F-D051-ECE5-71C9-52ABFE36EBF9}" = Catalyst Control Center Localization Czech
"{A125DDDB-E0C0-08E0-F04C-7B5409DFFC79}" = Catalyst Control Center Graphics Light
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client
"{A6E71574-2126-4E95-816E-32B2411C94BA}" = Ulead MediaStudio Pro 8.0
"{AB1E9EC2-42E4-E801-83BB-AAFF86DDEC7E}" = CCC Help Czech
"{AE3795EC-AE7F-474E-B5A7-D693AA068039}" = Stata 11
"{B02A3921-F7B7-C73F-395B-8172C9EE4006}" = Catalyst Control Center Localization Italian
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD17DEF2-8970-E4F5-337A-C10DE4D33F29}" = CCC Help Korean
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C5A2542D-CF79-3EE6-7673-2CEDA2338172}" = CCC Help Greek
"{C69B9631-B617-B714-7FE2-6FCD5B891ACD}" = Catalyst Control Center Localization Chinese Traditional
"{C6D7BC96-A608-0908-F6E7-53C118423087}" = CCC Help Chinese Standard
"{C8A4038E-4DA5-879D-A353-7443FC3EE22C}" = CCC Help Spanish
"{C9B7D4A2-7A42-96BC-DE77-6EB23F1116A8}" = CCC Help Swedish
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE344E77-B015-C6D0-9A1B-0EA0043E7A52}" = CCC Help Russian
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D9D45F79-D38C-9BCA-4023-6F3E365D5D25}" = CCC Help Dutch
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}" = Branding
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4BCF2E7-B181-C240-B6EC-04A8FA633EEF}" = Catalyst Control Center Graphics Full New
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E91EBA1F-DA25-58B2-365F-FB76BDC81F86}" = Catalyst Control Center Localization Turkish
"{EA2F03AD-BF9D-EECC-F24C-549046AEC17A}" = Catalyst Control Center Localization Danish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EE78C2A7-1413-105B-DC86-3F9FA6B10C2F}" = CCC Help Danish
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F2AAE965-966C-104E-ECCD-9F111A83139C}" = CCC Help Italian
"{F3AEE6A8-5FA3-F9AA-8CA7-D1AAD6352065}" = Catalyst Control Center Localization Chinese Standard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7F564DD-A790-D01A-5390-6D1386AA5621}" = CCC Help Norwegian
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD9B0D38-7B82-5A3A-E046-D8DBF3F06A93}" = CCC Help Chinese Traditional
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Azureus" = Azureus
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Diablo II" = Diablo II
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Half-Life: Counter-Strike" = Half-Life: Counter-Strike
"HControl" = ATK0100 ACPI UTILITY
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF Blender" = PDF Blender
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpeedFan" = SpeedFan (remove only)
"Starcraft" = Starcraft
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Actualizar Modem Instanet 4G" = Actualizar Modem Instanet 4G
"Skat-Online V6" = Skat-Online V6
"Skat-Online V7" = Skat-Online V7
"Steam App 10" = Counter-Strike
"Sweet Home 3D - Java 3D 1.3" = Sweet Home 3D - Java 3D 1.3
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.07.2012 16:42:46 | Computer Name = DACHS | Source = LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst ASP.NET_2.0.50727 (ASP.NET_2.0.50727). Der Fehlercode ist das erste DWORD
im Datenbereich.
Error - 04.07.2012 16:42:49 | Computer Name = DACHS | Source = LoadPerf | ID = 3001
Description = Der Wert für die Namenszeichenfolge im Leistungsindikator in der Registrierung
ist
falsch formatiert. Die ungültige Zeichenfolge ist 15970 und der ungültige Indexwert
ist das erste DWORD im Datenbereich, während die letzten gültigen Indexwerte die
zweiten und dritten DWORD im Datenbereich sind.
Error - 04.07.2012 16:42:49 | Computer Name = DACHS | Source = LoadPerf | ID = 3001
Description = Der Wert für die Namenszeichenfolge im Leistungsindikator in der Registrierung
ist
falsch formatiert. Die ungültige Zeichenfolge ist 15970 und der ungültige Indexwert
ist das erste DWORD im Datenbereich, während die letzten gültigen Indexwerte die
zweiten und dritten DWORD im Datenbereich sind.
Error - 04.07.2012 16:42:49 | Computer Name = DACHS | Source = LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst aspnet_state (ASP.NET-Zustandsdienst). Der Fehlercode ist das erste DWORD
im Datenbereich.
Error - 04.07.2012 16:42:49 | Computer Name = DACHS | Source = LoadPerf | ID = 3001
Description = Der Wert für die Namenszeichenfolge im Leistungsindikator in der Registrierung
ist
falsch formatiert. Die ungültige Zeichenfolge ist 15970 und der ungültige Indexwert
ist das erste DWORD im Datenbereich, während die letzten gültigen Indexwerte die
zweiten und dritten DWORD im Datenbereich sind.
Error - 05.07.2012 01:42:39 | Computer Name = DACHS | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 13.07.2012 13:25:42 | Computer Name = DACHS | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 16.07.2012 03:56:29 | Computer Name = DACHS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 13.0.1.4548,
fehlgeschlagenes Modul foxitr~1.ocx, Version 1.0.1.224, Fehleradresse 0x000268d1.
Error - 18.07.2012 02:38:47 | Computer Name = DACHS | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 27.07.2012 07:31:17 | Computer Name = DACHS | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 12.11.2012 11:49:08 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 12.11.2012 18:51:29 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 13.11.2012 03:48:43 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 13.11.2012 12:56:12 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 14.11.2012 13:16:32 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 14.11.2012 17:21:45 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 14.11.2012 17:26:32 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 14.11.2012 18:36:09 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 14.11.2012 18:47:28 | Computer Name = DACHS | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 14.11.2012 18:50:44 | Computer Name = DACHS | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
[ System Events ]
Error - 02.11.2012 13:54:59 | Computer Name = DACHS | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
Error - 02.11.2012 13:55:04 | Computer Name = DACHS | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 08.11.2012 05:14:39 | Computer Name = DACHS | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.150 für die Netzwerkkarte mit der Netzwerkadresse
001BFC94372B wurde durch den DHCP-Server 1.1.1.1 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 08.11.2012 12:12:17 | Computer Name = DACHS | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.199.8.22 für die Netzwerkkarte mit der Netzwerkadresse
001BFC94372B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 09.11.2012 15:01:36 | Computer Name = DACHS | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 001BFC94372B zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 14.11.2012 17:20:58 | Computer Name = DACHS | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
< End of report >
Ich hoffe, ich habe alle nötigen Infos gepostet! Viele Grüße |
| Themen zu Trojaner PUP.LoadTubes / Trojan.Agent/Gen-Nullo bei "Routinescan" gefunden - gefährlich? |
| 0xc0000001, adobe, antivirus, application/pdf:, avast, avira, bho, bonjour, brief, converter, e-banking, error, fehler, firefox, flash player, gefährlich?, gen-nullo, infizierte, install.exe, jdownloader, load.tubes, mozilla, mp3, object, photoshop, plug-in, realtek, rundll, software, starten, superantispyware, symantec, trojaner, udp, usb 2.0, windows internet, wlan, wscript.exe |
Baum-Darstellung